SlideShare a Scribd company logo

Retail Week: Cloud Security

Datapipe
Datapipe

5 ways to kill the Cyber Security Threat by Kevin Linsell For more information visit: http://www.adapt.com/

Related slideshows

EMEA Tech Summit Dublin - Winning with SolidFire
EMEA Tech Summit Dublin - Winning with SolidFire EMEA Tech Summit Dublin - Winning with SolidFire
EMEA Tech Summit Dublin - Winning with SolidFire
 
TOP 10 Reasons to Make Peak 10 Your Cloud Provider of Choice
TOP 10 Reasons to Make Peak 10 Your Cloud Provider of ChoiceTOP 10 Reasons to Make Peak 10 Your Cloud Provider of Choice
TOP 10 Reasons to Make Peak 10 Your Cloud Provider of Choice
 
Navigating the new normal with self healing infrastructure automation
Navigating the new normal with self healing infrastructure automationNavigating the new normal with self healing infrastructure automation
Navigating the new normal with self healing infrastructure automation
 
1 of 18
Cloud Security For Retail01 How Not To Make The Headlines: Kevin Linsell Director, Strategy & Architecture Adapt Richard Cassidy Technical Director Alert Logic 5 Ways To Kill The Cyber Security Threat
How Not To Make The Headlines...
Kevin Linsell Director, Strategy & Architecture Adapt What’s Going On Out There?
04 Cloud: The Retail Enabler04 Source: IDC FutureScape, 2015 as many retailers as now will explicitly underpin their customer and operations strategies on 3rd platform technologies by 2017 3x
Cloud Adoption Trends05 Sources: 1. Cloud Industry Forum, 2015 (n=250) 2. Adapt Cloud Adoption Survey, 2015 (n=200) 2 years on: 84% of UK businesses use cloud services today1 48 53 61 69 78 84 52 47 39 31 22 16 0% 20% 40% 60% 80% 100% 2010 2011 2012 2013 2014 2015 And 78% use more than one cloud-based service1 32% 22% 35% 43% 16% 29% 7% 7% 9% 8% 2014 2015 One Two Three Four Five+ 38%will increase their cloud adoption 25%will refine their cloud environment 18%will transform their cloud environment2
An Evolving Landscape06 Early 2000s Mid 2000s 2015 & Beyond Always Online Smartphone Revolution End Of The Dot.com In Pursuit Of Omni-Channel Shopping Trolley Goes Mobile Brick & Mortar + 1-Way Online HybridVirtualPhysical Advanced, Multi Vector Attacks Proliferation & Organisation Basic Malware, Solo Mischief Consumer Technology Data Centre Retail Threats & Attacks
07 Stats That Keep You Up At Night…07 Sources: 1. The UK Cyber Security Strategy: Landscape Review – NAO 2013 2. ACI Worldwide, 2014 Almost 33% of online consumers don’t trust retail security2 £35,000 to £65,000 is the average cost of SME cyber/data loss1 The cost of cyber crime in the UK in 2013 was estimated to be between £18 billion & £27 billion1 7,000 Distributed Denial of Service (DDoS) attacks daily1 For larger businesses, the average cost is £450,000 to £850,0001
Richard Cassidy Technical Director, Alert Logic The Retail Cyber Kill Chain
09 The Retail Cyber Kill Chain 1 – IDC Worldwide Security and Vulnerability Management 2014–2018 Forecast 2 – M-Trends 2015: A View from the Front Lines Attacks are multi-stage using multiple threat vectors On average, it takes organizations 205 days to identify they have been compromised1 Over two-thirds of organizations find out from a 3rd partythey have been compromised2 IDENTIFY & RECON INITIAL ATTACK COMMAND & CONTROL DISCOVER/ SPREAD EXTRACT/ EXFILTRATE
010 Cybercrime: The Main Offenders Cyber Criminal Hacktivist APT
011 Cybercrime: The Main Enablers Anonymity Crypto Currencies Underground Market
012 Have You Been Affected? Source: Alert Logic CSR 2015. n=3026 39% 24% 22% 9% 6% App Attack Brute Force Suspicious Activity Recon Trojan
013 Why Are You Of Interest? Large volumes of personal/ financial data eCommerce Application Diverse, physically insecure infrastructure
Richard Cassidy Technical Director, Alert Logic Kevin Linsell Director, Strategy & Architecture, Adapt How To Kill The Cyber Security Threat
015 Continuous, End-to-End Protection Continuous protection from threat & exposure Threat Intelligence & Security Content 24 x 7 Monitoring & Escalation Your IT Environment Cloud, Hybrid On-Premises Network Events & Vulnerability Scanning Log Data Web Application Events Data Collection Big Data Analytics Platform
016 5 Ways To Kill The Cyber Security Threat Stay Informed &… Best Practice  Secure your applications first  Create robust access management policies  Adopt a patch management approach  Review logs regularly  Build a security toolkit 1 Assume the worst can (and will!) happen 2 Fully assess what is at risk 3 Give responsibility to the right people 4 Plan for rapid recovery 5 View strong risk mgmt & security as an enabler
017 Security: A Shared Responsibility ServiceProviderResponsibility Foundation Services (ISO 27001 compliant) Hypervisor & OS • Firewall & perimeter security services • Segregation of Adapt & Customer Networks • Regular Pen-tested network • Accredited platform design & build • Controlled access for customers • Guest OS hardening • Patch management • Infrastructure updates • Client access management • Permission policies • Security monitoring • Log analysis Apps • Secure coding and best practices • Software and virtual patching • Configuration management • Access management • Application level attack monitoring • Network threat detection • Security monitoring • DDoS ProtectionNetworks Compute Storage DB Network CustomerResponsibility
Get in touch: kevin.linsell@adapt.com @kevlinsell @domore_Adapt Richard Cassidy rcassidy@alertlogic.com @rvcassidy Thanks For Listening! Visit us at Adapt.com

More Related Content

Retail Week: Cloud Security

  • 1. Cloud Security For Retail01 How Not To Make The Headlines: Kevin Linsell Director, Strategy & Architecture Adapt Richard Cassidy Technical Director Alert Logic 5 Ways To Kill The Cyber Security Threat
  • 2. How Not To Make The Headlines...
  • 3. Kevin Linsell Director, Strategy & Architecture Adapt What’s Going On Out There?
  • 4. 04 Cloud: The Retail Enabler04 Source: IDC FutureScape, 2015 as many retailers as now will explicitly underpin their customer and operations strategies on 3rd platform technologies by 2017 3x
  • 5. Cloud Adoption Trends05 Sources: 1. Cloud Industry Forum, 2015 (n=250) 2. Adapt Cloud Adoption Survey, 2015 (n=200) 2 years on: 84% of UK businesses use cloud services today1 48 53 61 69 78 84 52 47 39 31 22 16 0% 20% 40% 60% 80% 100% 2010 2011 2012 2013 2014 2015 And 78% use more than one cloud-based service1 32% 22% 35% 43% 16% 29% 7% 7% 9% 8% 2014 2015 One Two Three Four Five+ 38%will increase their cloud adoption 25%will refine their cloud environment 18%will transform their cloud environment2
  • 6. An Evolving Landscape06 Early 2000s Mid 2000s 2015 & Beyond Always Online Smartphone Revolution End Of The Dot.com In Pursuit Of Omni-Channel Shopping Trolley Goes Mobile Brick & Mortar + 1-Way Online HybridVirtualPhysical Advanced, Multi Vector Attacks Proliferation & Organisation Basic Malware, Solo Mischief Consumer Technology Data Centre Retail Threats & Attacks
  • 7. 07 Stats That Keep You Up At Night…07 Sources: 1. The UK Cyber Security Strategy: Landscape Review – NAO 2013 2. ACI Worldwide, 2014 Almost 33% of online consumers don’t trust retail security2 £35,000 to £65,000 is the average cost of SME cyber/data loss1 The cost of cyber crime in the UK in 2013 was estimated to be between £18 billion & £27 billion1 7,000 Distributed Denial of Service (DDoS) attacks daily1 For larger businesses, the average cost is £450,000 to £850,0001
  • 8. Richard Cassidy Technical Director, Alert Logic The Retail Cyber Kill Chain
  • 9. 09 The Retail Cyber Kill Chain 1 – IDC Worldwide Security and Vulnerability Management 2014–2018 Forecast 2 – M-Trends 2015: A View from the Front Lines Attacks are multi-stage using multiple threat vectors On average, it takes organizations 205 days to identify they have been compromised1 Over two-thirds of organizations find out from a 3rd partythey have been compromised2 IDENTIFY & RECON INITIAL ATTACK COMMAND & CONTROL DISCOVER/ SPREAD EXTRACT/ EXFILTRATE
  • 10. 010 Cybercrime: The Main Offenders Cyber Criminal Hacktivist APT
  • 11. 011 Cybercrime: The Main Enablers Anonymity Crypto Currencies Underground Market
  • 12. 012 Have You Been Affected? Source: Alert Logic CSR 2015. n=3026 39% 24% 22% 9% 6% App Attack Brute Force Suspicious Activity Recon Trojan
  • 13. 013 Why Are You Of Interest? Large volumes of personal/ financial data eCommerce Application Diverse, physically insecure infrastructure
  • 14. Richard Cassidy Technical Director, Alert Logic Kevin Linsell Director, Strategy & Architecture, Adapt How To Kill The Cyber Security Threat
  • 15. 015 Continuous, End-to-End Protection Continuous protection from threat & exposure Threat Intelligence & Security Content 24 x 7 Monitoring & Escalation Your IT Environment Cloud, Hybrid On-Premises Network Events & Vulnerability Scanning Log Data Web Application Events Data Collection Big Data Analytics Platform
  • 16. 016 5 Ways To Kill The Cyber Security Threat Stay Informed &… Best Practice  Secure your applications first  Create robust access management policies  Adopt a patch management approach  Review logs regularly  Build a security toolkit 1 Assume the worst can (and will!) happen 2 Fully assess what is at risk 3 Give responsibility to the right people 4 Plan for rapid recovery 5 View strong risk mgmt & security as an enabler
  • 17. 017 Security: A Shared Responsibility ServiceProviderResponsibility Foundation Services (ISO 27001 compliant) Hypervisor & OS • Firewall & perimeter security services • Segregation of Adapt & Customer Networks • Regular Pen-tested network • Accredited platform design & build • Controlled access for customers • Guest OS hardening • Patch management • Infrastructure updates • Client access management • Permission policies • Security monitoring • Log analysis Apps • Secure coding and best practices • Software and virtual patching • Configuration management • Access management • Application level attack monitoring • Network threat detection • Security monitoring • DDoS ProtectionNetworks Compute Storage DB Network CustomerResponsibility
  • 18. Get in touch: kevin.linsell@adapt.com @kevlinsell @domore_Adapt Richard Cassidy rcassidy@alertlogic.com @rvcassidy Thanks For Listening! Visit us at Adapt.com